Chapter 2: Personnel & Risk Management

Personnel Security
Policies

Concepts

Job Description 1st

Separation of Duties

Collusion

Job Responsibilities

Least Privilege

Job Rotation

Peer Auditing & Collusion

Employment Items

Screening

Agreement/Policies

Termination

Vendors & Consultants

SLAs

Compliance

Policy

HIPAA

SOX

Security Governance

Definition

3rd Party Governance

Documentation Review

ATO/TATO

Apply Risk Management Concepts

Risk Terminology

Asset

Asset Valuation

Threats

Vulnerability

Exposure

Risk

Safeguard

Attack

Breach

Identify Threats and Vulnerabilities

Viruses

User Errors

Disgruntled Employees

Risk Assessment/Analysis

Quantitative Risk

Exposure Factor

Single Loss Expectancy

Annualized Rate of Return

Annualized Loss Expectancy

Calculate ALE with Safeguard

Calculate Safeguard Costs

Calculate Safeguard Cost/Benefit

Qualitative

Risk Assignment/Acceptance

Mitigation

Assignment

Acceptance

Rejection

Understand Control Gap

Countermeasure Selection and Assessment

Tamperproof

Overrides to Privileged Users Only

Provide Fail Safe and/or Fail Secure Options

Implementation

Defense in Depth

Technical

Administrative

Physical

Types of Controls

Deterrent

Preventive

Detective

Compensating

Corrective

Recovery

Directive

Monitoring & Measurement

Asset Valuation

Tangible and intangible factors that lead to the valuation of assets

Continuous Improvement

Risk Framework

Categorize

Select

Implement

Assess

Authorize

Monitor

Establish Security Training

Overview

Awareness

Training

Education